Hi, I'm Hillel. This is the newsletter version of my website. I post all website updates here. I also post weekly content just for the newsletter, on topics like Formal Methods Software History and Culture Fringetech and exotic tooling The philosophy and theory of software engineering You can see the archive of all public essays here.| buttondown.com
This is just a way of thinking about formal specification that I find really useful. The terms originally come from Michael Jackson’s Software Requirements and Specifications. In specification, the machine is the part of the system you have direct control over and the world is all the parts that you don’t. Take a simple transfer spec: ---- MODULE transfer ---- EXTENDS TLC, Integers CONSTANTS People, Money, NumTransfers (* --algorithm transfer variables acct \in [People -> Money]; define \...| Hillel Wayne
Purely functional code makes some things easier to understand: because values don't change, you can call functions and know that only their return value matters—they don't change anything outside themselves. But this makes many real-world applications difficult: how do you write to a database, or to the screen?| www.destroyallsoftware.com
Contact me here. Services: Workshops Talks Spec pairing and review Retainer services Workshops If you’re building complex, expensive systems, my workshops on software modeling can help you save hundreds of thousands in saved developer time and maintenance work. With my training you’ll learn how to Catch complex bugs that would take weeks or months to fix, and fix them before you start writing code. Build complicated systems quickly and with confidence.| Hillel Wayne
When teaching formal methods, I often get asked how we can connect the specifications we write to the code we produce. One way we do this is with refinement. All examples are in TLA+.1 Imagine we’re designing a multithreaded counter. We don’t know how we’re going to implement it yet, so we start by specifying the abstract behavior.2 ---- MODULE abstract ---- EXTENDS Integers, Sequences VARIABLES pc, counter vars == <> \* Two threads Threads == 1.| Hillel Wayne
